Popular e-commerce site Wine Library has started notifying its customers of a breach that resulted in the compromise of their credit card information, TechCrunch reports.

"While the full extent of the breach has not been verified – and it is possible you were not affected – we wanted to be sure to share with you what we could," it said in the email. "When we began hearing from a few customers about possible fraudulent credit card charges in the middle of October, we launched an investigation. At that time, we did not know a data breach had occurred. However, as the number of these concerns increased in early November, we removed all credit card data from our site on November 11th since it became clearer that, although we couldn’t find a breach, something was going on. Last week we confirmed that an IP address from China was used to hack our website and potentially compromised customer credit card information. As far as we can tell, this did not affect any in store transactions."

Apart from removing credit card data from the site, the company is speeding up the launch of a new website, on which all credit card data will be tokenized through a third party.

Until more is known about the breach, the customers have been advised to check their credit card statements for suspicious transactions and to apply for a free credit report. Also, all customers visiting the site are faced with a request to reset their account password.

Spotlight

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

A critical vulnerability in ANTlabs InnGate devices, a popular Internet gateway for visitor-based networks and commonly installed in hotels and convention centers, has been discovered. The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection.

In this interview, Raj Samani, VP and CTO EMEA at Intel Security, talks about successful information security strategies aimed at the critical infrastructure, government challenges, the role of regulation, and more.